September 2, 2015 News-Events Hackers and cyber-criminals keep growing in numbers and seem to be getting more creative and successful every day. Though there is growing concern that these evil-doers can’t be stopped totally, there are things you can do to help protect against certain known threats.Thieves continue to poke around business phone systems to uncover areas of vulnerability where they can gain access to your business calling services and make long distance and international toll calls on your company’s dime, and dollars. The costs can be huge! Victimized companies around the globe have to pay billions of dollars a year due to these perpetrators. Below are some things you should be aware of, along with suggestions for what to do to protect against the unauthorized use of your phone service. Block or limit International calling with your Carrier or through your phone system. You can inform your carrier that you never want to allow calls to foreign countries. They generally won’t restrict or allow certain countries, so with your Carrier Provider option it’s all or nothing. Most business phone systems give you the capability to block or allow calling by country code. Most exploits of International Toll Fraud are calls to African countries, but there are many other countries to be concerned about. Since most businesses that do legitimately call internationally only need to reach a short list of countries, you are likely best off blocking International Calling on your phone system and then adding the few countries you wish to call to the system’s Allowed List. (i.e. only allow calls to the country codes for U.K., Canada, Mexico, France, Brazil, etc.). This will block the many other countries that toll fraud perpetrators seem to target for their international calling. Countries that are among the highest volume destinations for Toll Fraud include: Latvia, Somalia, Sierra Leone, Guinea and Cuba to name a few. If your company has international dialing requirements beyond a specific list of countries, another option is to enable forced account codes on long distance or international calls (depending on the phone system options for this feature). By enabling this feature a user must enter an account code for any long distance call (including international) which limits the ability for hackers to use that extension to dial out to these numbers. Some systems also offer time of day restrictions for international dialing that can limit these types of calls to business hours and restrict them after hours. Most times these types of toll fraud activities occur after business hours when no one is there to see the unusual activity. Minimize the visibility of your phone system to the Web. Firewall best practices apply here. Block open ports to your phone system through your Firewall settings. If you do need remote access to your phone system to perform administration duties by you or your phone system support company, then set up Trusted Host so only connections from specific IP addresses can get through. Strong Passwords On Everything Voice Mailboxes, Admin access, Softphones on Computer/Mobile devices, SIP Phones, web based user portals, etc. all need to be protected with passwords that meet the criteria for being a strong password. Softphones and SIP Phones typically have default passwords that mirror the extension number of the device, something that the bad guys know and will exploit. Never deploy one of these devices without immediately creating a strong password to replace the default. Any function on a phone system that can access an outside line needs to be protected if you have not already blocked all International calling. This includes Voice Mail and extensions that forward off site via an outside line (i.e. “press 2 to connect to our Answering Service”). There have been cases where the hackers knew how to do the programming on a phone system to create the vulnerability and then exploited it. Admin access must be strongly protected! Still unsure if your business is fully protected? Contact an ETA team member today for an evaluation!